Ghost in the Machine

by vivin

I heard a noise again. Two taps actually, in quick succession: TAP-TAP. I sighed and turned around. Again, nothing. I was slightly annoyed. I got up and stepped out the door and onto the balcony. There was no one there. Everything was normal. A few cars were going up and down the street and I could see a few students who were probably heading back home after a late-night study session. I walked back in and sat down at the bench.

I started up where I left off. I cleared memory, loaded up my program and ran it. It crashed. I was puzzled. I blinked at the screen. I was also pretty frustrated because I was pretty sure that the code was good. I cleared memory and I ran the program again. This time it ran fine. I ran through the test cases and then suddenly, it crashed again. I knew that the hardware we worked on was old, and it was occasionally flaky. But my teammate and I had worked on this particular one many times without any issues. Now before I go any further, I just want to warn that this is going to get slightly technical. I will explain as simply and as best as I can because I know that not everyone reading this is a programmer.

Usually when programs run fine and randomly crash, the first suspect is memory because memory can go bad, and that can corrupt your code. I could tell where the program was crashing, and so I decided to look at the assembly code at that particular point. As I was paging through the code, I noticed that at one particular point, the assembly instructions didn’t make sense. This is a typical sign of memory corruption and that’s what I assumed was going on. Now some technical mumbo-jumbo.

In the assembly world, you have hexadecimal numbers in memory. The processor interprets these numbers to do certain things. This is how all computers work. Now certain values and groupings of these numbers translate to actual assembly instructions. The debugger that we used would translate these numbers into the assembly instructions so that we could see our code in memory. Otherwise we’d just see a bunch of numbers and you would have to translate them by hand (by looking at the manual for the processor). Now in the debugger, there were two commands. One command would interpret the numbers as instructions and would print out the assembly instructions those numbers corresponded to. The other would just do a memory dump and translate those numbers into characters (for example, the hexadecimal code for the letter A is 41. When the debugger sees 41, it will translate that to an A and print it).

Now back to the story. The instructions at a particular point in my code didn’t make sense. They were invalid. I assumed the memory was corrupted and so I decided to do a direct dump of the memory in that location. That’s when I saw it. Buried in the random characters and gibberish that you normally get when you do a direct dump of code, I saw HELLO (the hex numbers 48 45 4C 4C 4F). Again, I didn’t suspect anything. It was pretty odd, but I didn’t think it was anything supernatural. After working with computers for a long time, you realize that they can do bizarre things. I figured that it might be data from a previous run, or something. Anything, except something supernatural. I cleared memory and ran my program again. Again, crash. Did a dump of that location and I saw HELLO again. I was getting pretty frustrated at this point. I cursed under my breath and cleared memory again. I wrote 00 and FF (all zeros and all ones) to all of memory to clear it (a typical way to ensure memory is cleared). I did a dump of that location to make sure that there was nothing there. I loaded the program up again, and ran it. It crashed.

I swore again, loudly this time. Before I did a memory dump I ran through my code again. I made sure I didn’t have the string HELLO anywhere in the code (I knew I didn’t, but I still checked). I knew for sure that I didn’t have any instructions that would generate HELLO either. I did a memory dump again. This time I saw HELLO THERE. At this point I started feeling uneasy. Still unwilling to admit that there might be something odd, I got up and walked around the lab. Was someone trying to play a joke on me (although I didn’t know exactly how they could even do that because you needed direct access to the machine)? Then I thought that maybe my teammate had played a trick on me before he left, perhaps by leaving another program running? But I knew even that was impossible because I had cleared memory.